Top 5 Mistakes Made During A Software Audit

According to Gartner, software audits are increasing for organizations of all sizes and industries, as IT vendors look to protect their intellectual property and augment traditional sales streams. Suppliers and their compliance teams continue to leverage new tactics to uncover over-deployed licenses that can be converted into a revenue opportunity or an unplanned expense for their customers.
Companies typically undergo 5 or fewer software audits per year, so it’s not surprising that internal resources and product owners are caught off guard and unprepared for information requests made during a license assessment. Although many enterprises have invested in Software Asset Management (SAM) tools and programs, Connor Consulting continues to observe that companies tend to make 5 common mistakes when undergoing a software review, which frequently lead to excessive license and support fees being paid to vendors.

In no particular order, below is a summary of the Top 5 mistakes made by enterprises when being audited:

1. Formal Audit Response Team (ART) is not in place.
Communication is not centralized through a designated or formal team, commonly referred to as an ART. Vendors and their auditors often have direct access to IT administrators and operations personnel, which can lead to over-sharing of information or data collected that’s not relevant to the scope of the software audit. The ART should designate a single point of contact for any license review to prevent information leaks that increase adverse findings and software over-deployment risk exposure.

2. Entitlement data is not requested up front.
It is common business practice for vendors and auditors to withhold software entitlement data from customers once an audit is initiated or until the reporting phase of the review. Having a complete picture of your software purchases is essential in ensuring compliance with a given IT supplier agreement. While vendors don’t always agree or aren’t forthcoming with the records, it’s a leading practice to leverage relationships with your account teams and/or resellers to obtain complete downloads of your license entitlement data. Ideally, these requests for major IT vendors should be made prior to any audit, as part of normal SAM operations.

3. Data provided to vendors and auditors contains too much information.
During a kickoff or scoping meeting, the auditors will talk through the data collection procedures. They generally provide flexibility as to how they’ll extract pertinent software data from existing tools and/or their own custom shell scripts. More often than not, the output contains information that may not be directly relevant to the scope of the vendor review. It’s important for customers to review the code of any custom scripts and verify the key words being used for software discovery queries, as they could produce data about users, systems or other vendors that should not be divulged.

4. Audit findings, calculations and assumptions aren’t challenged by customers.
After the vendor deployment data is collected and reconciled to the customer’s purchase entitlements, the auditors will generate a compliance table summarizing the auditee’s effective licensing position, marking any license issues in red. In many cases, companies don’t try to self-audit the findings, check the Excel formulas/calculations or verify whether the assumptions are reasonable, given the existing product install base and other IT environment factors. Failure to do so can cost them an exorbitant amount of software and support fees upon settlement of the audit.

5. Future business or pending vendor purchases aren’t consistently leveraged.
Yes, the vendor usually has the right to audit you and verify compliance with an existing software agreement; however, your company may have deal leverage that is not being used to influence the outcome of the review. For example, there could be a sizable investment in flight or being considered with the incumbent IT supplier. Creating an alignment wedge between the sales organization and compliance function is a well-known best practice, but it’s not employed routinely enough by customers under review. If the commercial opportunity is considered significant or strategic (e.g., cloud migration, contract renewal, etc.), the timing, scope and results of the assessment could be impacted in your favor, saving your organization cycles and cash.

For more information regarding the above or to learn how you can repeatedly avoid these costly mistakes through effective Software Asset Management and leading Audit Coaching practices, contact Connor Consulting at

Connor Consulting has global teams with an average experience of 10+ years that specialize in contract & license compliance, software asset management, IP royalty audits and 3rd party reviews.

About the Author

Rich Reyes is an Executive Vice President (EVP) for the global Software Advisory practice at Connor Consulting. He brings 20 years of thought leadership around software licensing & compliance, technology asset management and IT sourcing. Rich has performed hundreds of software audits on behalf of major vendors, established an ITAM/SAM practice for a Fortune 100 retailer and continues to advise companies on practical ways to mitigate IT supplier risks, reduce software total cost of ownership (TCO) and optimize licensing environments. He’s also a frequent speaker at industry events.